How can I use a secure file in a CircleCI build?

I am trying to build a project on CircleCI that needs access to a secure file. I cannot use an environment variable; it must be in the form of a file. In my case it is specifically a Maven settings.xml file, but there are other use cases. What can I do?

JBCP asked Oct 13 '14 21:10


1 Answer

There are actually quite a few solutions to this problem:

File as Environment Variable

If the contents of the file are short (just a password for example), you can store the entire file as an environment variable, and then add a line like this to your circle.yaml build file:

echo "$SECURE_FILE" > mySecureFile

Variable Substitution

If the contents of the file are large, but only a small portion of the file is secure, you can store the file in your code repository, and then use sed to replace a fixed string with an environment variable, like this:

sed -e "s/SECURE_PASSWORD/${SECURE_PASSWORD}/g" mySecureFile.tmpl > mySecureFile

Encrypt the File

You can encrypt your config file and check it into your source repository, then store the decryption key as an environment variable. Decrypt it during the build process.

Maven Settings.xml Special Case

For the special case of Maven settings.xml files, you can use environment variables in your settings.xml, so you can do something like this:

  • Store your settings.xml in conf/settings.xml
  • Replace any secure text with something like this: ${env.MY_SECURE_TEXT}
  • Set MY_SECURE_TEXT in the CircleCI configuration
  • In circle.yaml, add '-s conf/settings.xml' to your Maven build commands.
JBCP answered Sep 21 '22 13:09
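The "Encrypt the File" option from the answer above, sketched as an added example that is not part of the original answer. It assumes the openssl command-line tool (1.1.1 or later, for -pbkdf2) is available in the build image; the variable name SETTINGS_KEY and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: SETTINGS_KEY and all file names are assumptions.
# SETTINGS_KEY must be exported; "-pass env:" reads it from the environment,
# which keeps the key out of the process argument list.

# Run once on a trusted machine; commit only the encrypted output.
encrypt_secure_file() {   # usage: encrypt_secure_file PLAIN ENCRYPTED
    [ -n "${SETTINGS_KEY:-}" ] || { echo "SETTINGS_KEY is not set" >&2; return 1; }
    openssl enc -aes-256-cbc -pbkdf2 -in "$1" -out "$2" -pass env:SETTINGS_KEY
}

# Run as a build step; fails closed and never leaves a partial plaintext file.
decrypt_secure_file() {   # usage: decrypt_secure_file ENCRYPTED PLAIN
    [ -n "${SETTINGS_KEY:-}" ] || { echo "SETTINGS_KEY is not set" >&2; return 1; }
    (
        umask 077                      # plaintext readable by the build user only
        tmp="$2.tmp.$$"
        if openssl enc -d -aes-256-cbc -pbkdf2 \
               -in "$1" -out "$tmp" -pass env:SETTINGS_KEY 2>/dev/null; then
            mv "$tmp" "$2"
        else
            rm -f "$tmp"
            echo "could not decrypt $1" >&2
            exit 1
        fi
    )
}

# Round trip on a constructed settings.xml with a throwaway key.
roundtrip_demo() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' '<settings><servers><server><id>repo</id>' \
        '<password>constructed-sample</password></server></servers></settings>' \
        > "$dir/settings.xml"
    SETTINGS_KEY='constructed-demo-key'; export SETTINGS_KEY
    encrypt_secure_file "$dir/settings.xml" "$dir/settings.xml.enc" &&
    decrypt_secure_file "$dir/settings.xml.enc" "$dir/out.xml" &&
    cmp -s "$dir/settings.xml" "$dir/out.xml"
    rc=$?
    rm -rf "$dir"
    exit $rc
)
```

openssl enc in CBC mode provides confidentiality only; it does not authenticate the ciphertext, so a modified encrypted file is not reliably detected at decryption time.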